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PROCESS OF CONTROLLING A SOFTWARE PRODUCT 

This disclosure is based upon, and claims priority from International 
Application No. PCT/FR98/01226, filed June 12. 1999, the contents of which are 
incorporated herein by reference. 

Background of the Invention 

The present invention relates to the field of the protection of software 
products against piracy. It has as its object a process o, control the execution of 

a software product. . 

A software product is understood to mean any program and/or data .mended 
,0 be processed or executed by a central processing unit, particularly the 
microcomputer of a persona, computer (PC). Software products can be recorded on 
my medium such as a diskette, hard disk, CD-ROM compact optical disk, or stored 
on any medium such as a ROM or EPROM type memory. 

Computer programs or software prcduc*. particularly for a PC, are more and 
more copied and used without authorization. This is accentuated by the possibility 
of disseminating the copy on a large scale over networks of servers or to copy . by 
a mass production o, CD-ROMs on which tire software is recorded. Sunple tllega, 
copies which can be produced on a hard disk or on microcomputer diskettes wtthtn 

the same company are also known. 

Among the solutions for preventing illegal use of software products, a system 
is known for controlling the distribution of computer programs. The program ts 
recorded on its medium in a coded form, and i, is then decoded before loading on the 
computer by the authorized user. For this purpose, the authorised user has means 
permitting decoding. This process has the advantage of preventing the copy.ng ofthe 
medium containing the program, but it has the disadvantage of no, preventing the 
copying of the program from the PC. 



A process for controlling the execution of the program is likewise known. It 
consists of putting into effect a procedure which permits the verification o, the 
presence of a secure device connected ,0 the seriai port o, the PC, in partrcu a , or 

the program. The presence and authenticity of the device is verified dunng the 
execution o, the program, continuing the execution of the program being dependent 
on the verification. This process has the disadvantage that i, can be by-passed by 
skipping the instructions corresponding to this verificafon. 

Aprocess for controlling the use of a microcomputer by anauthorized person, 
and thus indirectly of any program contained within it, is likewise known. 1. uses a 
chi p card with a microcircuit, common* known as a "smart card" . In mis process, 
a PC is connected via a suitable interface to the smart card, contains a secret 
authorization code. The authorized user has to key in the access code, whtch ts 
compared with that stored in the smart card. If the codes correspond, access to the 
computer or to data or to a computer program is authorized. 

This process has the disadvantage of not being able to directly protect Are 
medium before it is loaded into the computer. The medium can therefore be copted. 

in the following description, mere is understood by "smart card", any 
accessory type of chip medium which is detachable and portable, and which 
comprises a, leas, one security module containing a microprocessor and a memory 
space suitable for containing secret data such as a secret key, as well as secret 
programs. In particular, a module is concerned which can be inserted into an 
input/output port of a computer; preferably, it is a card of standardized form, a chtp 
card, or a mini chip card. 

Summary of the Invention 

The present invention has as its object to provide a solution to the problem 
of piracy which is more effective than the present solutions. 
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The solution provided by the invention likewise relates ,0 the field of control 
of the execution of a computer program. Execution is controlled because it is solely 
permitted ,0 persons who have purchased a right of utilization. This right ts brought 
WO effect by a secure means or accessory, particularly a smart card according to an 
example of the invention. By mis means, any copying or diffusion of the program ts 

deterred. r + * r 

For mis purpose, the invention firstly has as its object a process of control of 

me execution of a computer program. According » a first mode, it comprises the 
following steps, consisting of. 

(1) Splitting a program into a. leas, two parts, respectively pubhc and secret, 
the publicpartbeing suitable for execution on a first processing means, and the secret 
part being suitable for execution on a secure, second processing means. 

(2) Placing the public part in a memory of the firs, processing means. 

(3) Placing me secre, par, on a secure medium of <he second processing means 
intended to be connected to the first processing means. 

(4) Carrying ou, me following operations for the execution of the program by 

the first processing means: 

(a) connecting the second processing means to the first, and 
emission, from the first processing means to the second, of parameters/variables 
which are functions of external signals initiated by a user, 

(b) execution of at least a portion of the program by the second 
processing means, putting into effect a certain number of the received 

parameters/ variables , 

(c) transmission of the results of the execution of the precedmg 

paragraph (b) from the second, processing means to the first, 

(d) using a certain number of the results in the execution effected by 

the first means. 

It is characterized in that the second means is a portable and detachable 

accessory chip medium. 



sorting .0 another embodiment, the process comprises the following steps 

mepublicpartbeingsuitab.e for execution on a ^processing means, ana *e secret 
par, being suitable for execution on a secure, second processing means. 

(2, Encoding at ieast a secret par. and placing it with the pubhc part on the 
sam e medium, the latter being intended ,0 be connected to the firs, processing means. 

(3) Placing a corresponding decoding function in the second proccssmg 

(4) Carrying ou, the following operations for the execution of the program: 

(a) connecting the second processing means to the firs,, and 
transmission, from ,he firs, processing means ,o me second, o, an or a portion of me 

coded secret part, cw , iir . 

(b) decoding the coded secret par, received by me second, secure 

processing means by making use of the decoding function, and storing me decoded 
secret part in secure memory. 

(C ) transmission from me firs, processing means ,o me second of 
parameters/variables which are functions of external signals, 

(d) execution of at leas, a secret portion by the second, secure 
processing means, using a certain number of *e receive* parame,ers/variab,es, 

(e) emission of me resuUs of «he execution of the preceding 
paragraph (d) from me second processing means to the first, 

(f, using a certain number of the resuUs in the execution effected by 

the first means. 

„ is characterized in ,ha, me second means is a portable and daachable 

accessory chip medium. . 

According ,0 a characteristic of implementation of the second vanant, » the 
operation (a) a portion of me coded program is rransmined ,o me ex K n, needed 
and/or as a function of the capacity of the secure, second processing means. 
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can be executed which has a size 



Due to this characteristic, a coded program 
gr eater man *. memory capacity of ft, second processing means. This ma.es t, 
possible ,o have recourse .0 easily manipulated, discrete portabie medra of the type 
with a chip, which are generally excluded as the second processing means because 
of their small capacity. 

Brief Description of the Drawings f , h »,„„ 
The invention will be better understood on reading the descnptton of the mo 
mod es of embodiment of the process illustrated in the accompanying drawmgs, m 

Wh ' Ch; Figure 1 is a block diagram representation of a firs, embodiment of the 

invention; and 

Figure 2 is a block diagram representation of a second embodtmen. of the 
invention. 

Detailed Description 

Embodiments of the invention will be described hereinafter » eonnectton 
widtanexampleofacomputerprogram.Theprogramtakenasanexamp.eisaword 

processing program. 

TO put the process into effect, it is necessary to split the word processmg 
program 10 into a, least two parts, respectively public 12 and secret 14. The pubhc 
part is capable ofbeing executed on a firs, processing means, while the secret part 
I capable of being executed on a second, secure processing means. They can thus 
appropriately undergo a compilation which is distinct for each. 

The first part, termed public, is executable on a microcomputer (PC) 
operating system !6, taken as the firs, processing means in the example^ 

The second par,, termed secret, is executable on a secure crcutt of a chtp card 
18 taken as me second processing mea^ in me example. The secure circur, 
comprises an 8-bit processor 20, a ROM permanent memory 22 confining ; the 
operating system of the card, and a non-volatile EEPROM type memory 24 and a 
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RAM type volatile working memory 26. The circuit can be, for example, the circuit 
of a smart card. 

During the storage of the word processing program on a medium intended to 
be distributed commercially, the program is distributed on distinct storage or 
5 recording media. For this, in the example, the public part is disposed on an optical 

disk (CD-ROM) 28, while the secret part is disposed in the EEPROM memory 24 
of the chip card. As the physical medium for the program, in this case, two elements 
are thus necessary: the optical disk 28 and an associated chip card 18. In the example, 
the function of calculating the cursor position on the screen of a PC has been chosen 
10 to constitute the secret part. This function is lacking on the optical disk and is present 

solely on the chip card. 

For the execution of the program, the PC is connected to the chip card by an 
interface so as to permit bidirectional communication between them. The public 
program of the optical disk is loaded into the PC by reading the optical disk. The chip 
15 card can for example be connected to the PC via a chip card reader 30 which is itself 

connected to an input/output port of the PC. 

In the course of execution according to the invention, the following operations 
or steps are effected. 

Parameters/variables PARAM which are functions of external signals are 
20 transmitted from the first processing means to the second. 

In a general manner, "external signals" means information or events which 
can be different for each utilization of the program. The security of the system is even 
better ensured when the set of information communicated to the card differs for each 
utilization. It is likewise even better ensured when the program on the chip card is 
25 complex because it comprises, for example, very numerous possible outputs and 

because there is a sophisticated relationship between the inputs and the outputs. 

In the sense of the present invention, the actions initiated by the user via a 
mouse, keyboard or other input peripheral can for example constitute external 
signals. 
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In the example, it is the central processing unit of the PC which transmits to 
the card, via the interface, the data which correspond to keys of the keyboard actuated 
by the user. The central processing unit carries out this transmission by executing the 
public program and the functions of the operating system. For this purpose, the 
5 public program contains the instructions necessary for this transmission. 

According to a following step of the process, at least a portion of the program 
is executed by the second, secure processing means, making use of a certain number 
of the received parameters/variables. This implies that the output of the execution of 
this part of the program will strongly depend on the value or nature of the 
10 parameters/ variables which are made use of or which are taken into account by the 

second processing means for the execution of the secret program. 

In the example, when the user strikes the keys of the keyboard, the card then 
executes the calculation of the cursor position in a line of text on the screen and sends 
the result RSLT, in this case the value of this position, back to the PC, according to 
15 another step of the process. 

Then, according to the process, the above results can be used as they are, or 
preferably a certain number of the above results can be taken into account or used in 
the execution effected by the first processing means. In the example, the central 
processing unit of the PC executes the public part of the program to display the 
20 position of the cursor on the screen. 

It will be seen that the user cannot utilize the cursor function of word 
processing in the absence of the card. Any illegal copying of the word processing 
software is deterred by this means, since the software is unusable without the card. 
It will be understood that, due to the invention, the above deterrence will be more 
25 effective, the more the secret part corresponds to an essential part of the program. 

Another mode of embodiment of the process of the invention will now be 
described, with reference to Figure 2. 

The system required for the implementation of the process is identical to that 
described hereinabove, with the following differences. 
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The secret part 14 is disposed in encoded form 14' on the optical disk with the 
public part 12, instead of being disposed in the chip card. 

The ROM memory of the chip card contains, besides the operating system, 
a function 32 for decoding and for loading the decoded program into its RAM 
5 memory. 

During the execution of the program according to the invention, the following 
operations or steps are carried out. 

All or a portion of the encoded program 14' is transmitted from the first 
processing means to the second. 
10 In the example, it is the function of calculating the cursor position which is 

encoded. This is transmitted encoded by the word processing program to the chip 
card, for example on starting the program. It can likewise be transmitted only at the 
instant when it becomes necessary. For this purpose, the word processing program 
likewise includes information permitting the position to be localized, particularly its 
15 address or its filename. 

According to the process, the encoded secret part received by the second, 
secure processing means is decoded by implementing the decoding function, and the 
decoded secret part is stored in secure memory. 

In the example, the chip card decodes the function of calculating the cursor 
20 position by implementing its decoding function, and stores the function concerned in 

an executable form. 

It will be seen in this example that the process implements a system 
comprising a smart card which is capable of loading all or a portion of the coded 
program, decoding with a secret key 34 from the software publisher, receiving calls 
25 from the first means and transmitting them for the executable program which has 

been loaded beforehand, and returning the results to the first processing means. 

The public executable program includes supplementary instructions for 
transmitting portions of secret program to the card, via the input/output functions of 
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the operating system of the card or possibly via those of the operating system of the 
PC, and instructions for calls to functions loaded on the card. 

By extension of the possible applications of the process of the invention, the 
decoder of the second processing means can be in a hardwired form on a memory card, 
5 in order to reduce the cost of the accessory. 

As for the first processing means, it is generally a central processing unit of 
a personal computer. 

Advantageously, before loading the public part onto the first processing 
means such as a PC, the public part can be disposed on a server 36 or a database to 
10 which the central processing unit of the first means can be connected. The public part 

of a program or software product can likewise be disposed on a network, particularly 
of the Internet type, to which the first processing means can be connected as the user 
wishes. 

Thus, for a potential purchaser of a software product, it is sufficient to search 
15 the software accessible on the network such as the Internet, and to load it into the 

memory of his PC. In parallel, the purchaser can receive the card containing the 
secret part, in particular by mail. 

Although the software is available to everyone on the Internet network, it can 
only be used if the user has the accessory, particularly in the form of a card having 
20 a microprocessor. 

Thus, by this means, the invention permits the software publisher to free 
himself from the copying of these last on a physical medium such as a diskette. The 
invention likewise dispenses with the physical distribution of the software. 

Accompanying the executable software placed on the Internet, it is possible 
25 to add data such as the contents of a user's manual for the software. 



Process of Distribution of Rights: 

The invention described hereinabove enables the distribution of the software 
itself to be separated from the distribution of the rights of utilization. The software 
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can be freely copied by users and/or placed at their disposal on a local or distant 
server, without restriction of access. This is the case for the public part as well as for 
the secret part in the case that this has been encoded, as described in the second 
variant. On the other hand, the distribution of the rights has to be secured to ensure 
5 that the use of the software is only granted after payment. 

In the first variant described hereinabove, the rights are realized in the form 
of the secret part of the program stored on the card. Indeed, only those who possess 
a card with this secret program can use the software. In the second variant, the rights 
are realized by a secret cryptographic key which enables the second processing means 

10 (security module) to decode the secret code which is transmitted to it. 

In the two variants which have been described, the rights (secret program or 
secret key) are loaded into the security module before its distribution. It is likewise 
possible to distribute these elements to an already distributed card, by means such as 
a public network (such as the Internet) to which the PC with the user's card is 

15 connected, or by the insertion of the card in a point of sale device at a software 

retailer's. A third means consists of establishing communication between a remote 
rights distribution server and the utilizing PC via the telephone network by means 
of a modem. The remote distribution of rights makes it possible to download new 
rights into a card which already contains rights, for example, for a new item of 

20 software whose public program is freely accessible elsewhere, either through a 

network or from a friend's copy, or for example because the initial CD-ROM 
(compact optical disk) contains several software products but the user has only 
purchased the rights to one of them. It also enables the distribution of the cards to 
be separated from the distribution of rights, which for example permits several 

25 software publishers to utilize the protection ensured by the same card. The card 

which has become neutral can in this case be purchased by an end user from the 
microcomputer retailer. 
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To effect the distribution of the key or of the secret program in a secure 
manner, a first variant of the process is described hereinbelow. It is supposed that the 
starting card does not contain any rights. 

(1) The issuer of the card includes on it, before distribution, and in addition 
5 to the elements described hereinabove in the two variants of the invention, a decoding 

means and a secret key, intended to decode the rights (which in one case are 
themselves represented by a key). Furthermore, he includes there a unique number 
(different for each card) which is termed the "identity" of the card. 

(2) The issuer of the card places at the disposal of software publisher(s) a 
10 decoding means for the rights and its encoding key, for the particular programs of this 

publisher or these publishers. The encoding key is in this case identical to the 
decoding key contained in the user's card. 

(3) During the purchase of rights, the purchaser places his card in 
communication with the rights distribution server, which itself is connected to the 

15 rights coding means. This can be effected, for example, from the user's home, the 

office, or at a point of sale for software, via any data communication means such as 
the Internet network, a modem connection, or the use of the communication means 
of the networks of mobile telephones equipped with a card reader. 

(4) After verification of payment by some means, (not described here but 
20 which can make use of a manual transaction with cash or a check to the storekeeper, 

or an automatic transaction with the same or another remote server, making use of 
specific payment functions of the operating system of the same or another card), the 
card sends to the server a request for loading the rights. This request includes an 
identification of the software product requested, as well as the identity of the card. 
25 (5) The server combines the identity of the card with the rights coding key, 

for example, by a logical XOR operation, the result being a number of bits suitable 
for use as the encoding key. This process is termed diversification of the key. The 
server uses this diversified key to encode the requested rights. It makes it possible to 
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guarantee that the thus encoded rights will only be usable by the card which has 
requested them, and in particular cannot be loaded onto other cards. 

(6) The server sends the thus encoded rights to the purchaser's card. 

(7) The purchaser's card effects the same operation combining encoding key 
and identity to calculate the decoding key. It uses this to decode the rights, and stores 
them in its non- volatile memory. It then has the means to execute the secret part of 
the program which has been purchased. 



